
13ms ZK Proofs Fix Blockchain Auction Censorship

arxiv.org · @threat_watch · 3 hours ago · Web3 & Crypto · 4 comments

A new protocol hides bid contents, bidder identity, and even the existence of a bid until reveal, while preventing proposers from sneaking in late bids or silently withdrawing commitments. Cost: 13 ms to generate an...

blockchain · zero knowledge proofs · groth16 · bn254 · poseidon hash · arkworks

A block proposer can see your bid, exclude your transaction, and front-run you - that's the dirty secret of every on-chain auction today. Classical sealed-bid auctions guarantee fairness; blockchain auctions don't. A new preprint from a team of researchers fixes this with a protocol that delivers all four properties a real sealed-bid auction needs, backed by zero-knowledge proofs that run fast enough for latency-sensitive high-value markets.

The Problem: Proposer Can See and Sabotage Your Bid

On-chain auctions settle NFT sales, token launches, DeFi liquidations, and arbitrage opportunities every block. Each bid is a public transaction whose inclusion is decided by a single consensus proposer per block. That proposer can observe pending bids, exclude competitors, and submit bids of their own. That breaks the fundamental fairness of sealed-bid auctions. The paper formalizes this as four concrete attacks: revealing bid contents, excluding honest bids, silently withdrawing a bid to re-auction information, and forcing all bidders to pay on-chain fees.

Four Properties, One Protocol

The protocol achieves four properties: Hiding (bid contents, existence, and bidder identity remain hidden until reveal), Simultaneous Release (all timely honest bids are counted, late adversarial bids are rejected), No Free Bid Withdrawal (a committed bid cannot be silently withdrawn), and Auction Participation Efficiency (only the winner pays on-chain fees). The construction uses a timestamping oracle instantiated with a committee of 2f_ts+1 timestampers and a censorship-resistant inclusion predicate based on the FOCIL inclusion list. Only the winning bid settles on-chain; everything else stays off-chain until reveal.
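
To make the Simultaneous Release and No Free Bid Withdrawal checks concrete, here is an added Python model of the commit, timestamp, and reveal skeleton; it is not code from the paper and omits the zero-knowledge proofs, bidder anonymity, and the FOCIL inclusion list. Assumptions of this sketch: a SHA-256 commitment, HMAC standing in for timestamper signatures, an f_ts+1 acceptance quorum, and all names and sample values.

```python
import hashlib, hmac

F_TS = 1  # assumed number of faulty timestampers tolerated
# Constructed keys for the 2*f_ts+1 committee; HMAC stands in for real signatures.
KEYS = {i: bytes([i + 1]) * 32 for i in range(2 * F_TS + 1)}

def commit(auction_id, bid, nonce):
    """Commitment bound to one auction; the random nonce hides the bid value."""
    data = len(auction_id).to_bytes(2, "big") + auction_id + bid.to_bytes(16, "big") + nonce
    return hashlib.sha256(data).digest()

def _tag(ts_id, commitment, t):
    return hmac.new(KEYS[ts_id], commitment + t.to_bytes(8, "big"), hashlib.sha256).digest()

def attest(ts_id, commitment, t):
    """Timestamper ts_id vouches that it saw `commitment` at time t."""
    return (ts_id, t, _tag(ts_id, commitment, t))

def timely(commitment, attestations, deadline):
    """Accept only if f_ts+1 distinct members validly attest a time <= deadline,
    so at least one honest timestamper saw the commitment in time."""
    good = {i for i, t, tag in attestations
            if i in KEYS and t <= deadline and hmac.compare_digest(tag, _tag(i, commitment, t))}
    return len(good) >= F_TS + 1

def settle(auction_id, deadline, committed, reveals):
    """committed: {commitment: [attestations]}; reveals: [(bid, nonce)].
    Returns (highest timely revealed bid, timely commitments never opened)."""
    on_time = {c for c, atts in committed.items() if timely(c, atts, deadline)}
    opened = {}
    for bid, nonce in reveals:
        c = commit(auction_id, bid, nonce)
        if c in on_time:           # late or unknown commitments are ignored
            opened[c] = bid
    return max(opened.values(), default=None), sorted(on_time - set(opened))

def demo():
    """Constructed scenario: alice on time, bob commits then stays silent, mallory late."""
    aid, deadline = b"auction-1", 100
    a, b, m = (commit(aid, v, n) for v, n in ((50, b"A" * 16), (70, b"B" * 16), (90, b"M" * 16)))
    committed = {
        a: [attest(0, a, 90), attest(1, a, 91)],
        b: [attest(0, b, 95), attest(2, b, 95)],
        # one colluding member backdates; the other two report the true late time
        m: [attest(2, m, 99), attest(0, m, 101), attest(1, m, 101)],
    }
    winner, withdrawn = settle(aid, deadline, committed, [(50, b"A" * 16), (90, b"M" * 16)])
    return winner, withdrawn == [b]
```

In the constructed scenario the late bid of 90 is rejected despite one backdated attestation, the bid of 50 wins, and the unopened timely commitment is reported so the withdrawal is visible rather than silent.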

Performance: 13ms Proof Generation, Sub-ms Verification

The protocol relies on two zero-knowledge proofs: an eligibility proof that anonymously proves deposit membership to the timestamping committee, and an auction proof that binds a bid to a specific auction for the inclusion list committee. Both use Groth16 over BN254 with Poseidon hashing implemented in arkworks/Rust. The auction proof generates in 13 milliseconds and verifies in under 1 millisecond. Eligibility proofs for Merkle trees supporting up to 2^32 bidders generate in 47-159 ms and verify in about 1 ms. That makes the primitive practical for the time-sensitive blockchain settings where every millisecond of latency costs money.

This protocol gives auction designers a toolkit to build truly fair on-chain auctions without trusting block proposers. Expect to see these ideas integrated into next-gen token launch mechanisms and DeFi liquidation systems that can't afford to leak information or let proposers play games.


Source: Censorship-Resistant Sealed-Bid Auctions on Blockchains
Domain: arxiv.org
